GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-24 13:03:35 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3500320AS rev.SD1A Running: 73h8wpk8.exe; Driver: D:\DOCUME~1\Gold\USTAWI~1\Temp\awadafoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB3B764B0] SSDT sptd.sys ZwCreateKey [0xB7ED4FA0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xB3B767F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB3B76AB0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB3B765D0] SSDT sptd.sys ZwEnumerateKey [0xB7F08698] SSDT sptd.sys ZwEnumerateValueKey [0xB7F08A26] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xB3B768B0] SSDT sptd.sys ZwOpenKey [0xB7ED4F80] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB3B76350] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB3B76410] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB3B76570] SSDT sptd.sys ZwQueryKey [0xB7F08AFE] SSDT sptd.sys ZwQueryValueKey [0xB7F0897E] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB3B76630] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB3B76530] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB3B764F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB3B76670] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xB3B76870] SSDT sptd.sys ZwSetValueKey [0xB7F08B90] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB3B763B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB3B76430] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xB3B76830] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB3B76370] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB3B76470] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB3B765F0] INT 0x62 ? 8A709CB8 INT 0x63 ? 8A709CB8 INT 0x63 ? 8A709CB8 INT 0x63 ? 8A709CB8 INT 0x63 ? 8A709CB8 INT 0x63 ? 8A45DF00 INT 0x63 ? 8A709CB8 INT 0x82 ? 8A709CB8 INT 0x83 ? 8A45DF00 INT 0x94 ? 8A45DF00 INT 0x94 ? 8A45DF00 INT 0x94 ? 8A45DF00 INT 0x94 ? 8A45DF00 INT 0xA4 ? 8A45DF00 INT 0xB1 ? 8A6C6CB8 INT 0xB1 ? 8A6C6CB8 INT 0xB4 ? 8A45DF00 INT 0xB4 ? 8A45DF00 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [B0, 63, B7, B3, 30, 64, B7, ...] .text sptd.sys B7E98000 28 Bytes [30, 78, 6E, 80, A6, CB, 6E, ...] .text sptd.sys B7E9801D 3 Bytes [79, 6E, 80] .text sptd.sys B7E98024 160 Bytes [30, 53, 53, 80, 68, B9, 54, ...] .text sptd.sys B7E980C5 43 Bytes [F7, 4E, 80, C0, 98, 53, 80, ...] .text sptd.sys B7E980F1 40 Bytes [9A, 53, 80, B0, 95, 53, 80, ...] .text ... .sptd2 D:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F441AA] ? D:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6876380, 0x8D6CD5, 0xE8000020] .text USBPORT.SYS!DllUnload B68568AC 3 Bytes JMP 8A45D410 .text USBPORT.SYS!DllUnload + 4 B68568B0 1 Byte [D3] .text ae4sm7i7.SYS B671C306 74 Bytes [00, 00, 00, 40, 03, 00, 40, ...] .text ae4sm7i7.SYS B671C351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text ae4sm7i7.SYS B671C3A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ae4sm7i7.SYS B671C3B4 34 Bytes [40, 00, 00, C8, 50, 41, 47, ...] .text ae4sm7i7.SYS B671C3D7 1 Byte [00] .text ... PAGE abdthf6e.SYS B66DA800 32 Bytes [03, 57, 8B, 7D, 08, 89, 75, ...] PAGE abdthf6e.SYS B66DA822 7 Bytes [00, 85, C0, 0F, 84, F6, 03] PAGE abdthf6e.SYS B66DA82A 15 Bytes [00, 80, FA, AD, 75, 0A, 80, ...] PAGE abdthf6e.SYS B66DA83A 98 Bytes [80, FA, A3, 75, 12, 8A, 53, ...] PAGE abdthf6e.SYS B66DA89D 87 Bytes [00, EB, 04, 83, 65, F4, 00, ...] PAGE ... .text D:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB23AE300, 0x3B6D8, 0xE8000020] .text D:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83C8300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[292] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00] .text D:\Program Files\Mozilla Firefox\plugin-container.exe[640] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 105F32C0 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\plugin-container.exe[640] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 105F324F D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\plugin-container.exe[640] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1043A8A3 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\plugin-container.exe[640] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1043AED5 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text D:\Program Files\Mozilla Firefox\firefox.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01654470 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018A047C D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018A0459 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 0165F972 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\firefox.exe[1012] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018A03DA D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Gadu-Gadu 10\gg.exe[1680] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 106E3730 D:\Program Files\Gadu-Gadu 10\QtWebKit4.dll .text D:\Program Files\Gadu-Gadu 10\gg.exe[1680] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 106E37A0 D:\Program Files\Gadu-Gadu 10\QtWebKit4.dll ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E9A20E] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E9970C] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E99EEE] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E9970C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E998F0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E99832] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E9A0CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E99EEE] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EADF56] sptd.sys IAT \SystemRoot\System32\Drivers\ae4sm7i7.SYS[HAL.dll!KeGetCurrentIrql] 830C4D8A IAT \SystemRoot\System32\Drivers\ae4sm7i7.SYS[HAL.dll!KfAcquireSpinLock] 0001CCB8 IAT \SystemRoot\System32\Drivers\ae4sm7i7.SYS[HAL.dll!KfReleaseSpinLock] 48880000 IAT \SystemRoot\System32\Drivers\ae4sm7i7.SYS[HAL.dll!KfRaiseIrql] C0940F68 IAT \SystemRoot\System32\Drivers\ae4sm7i7.SYS[HAL.dll!KfLowerIrql] 8B55C35D IAT \SystemRoot\System32\Drivers\ae4sm7i7.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 458D5653 IAT \SystemRoot\System32\Drivers\abdthf6e.SYS[HAL.dll!KeGetCurrentIrql] 76D83B08 IAT \SystemRoot\System32\Drivers\abdthf6e.SYS[HAL.dll!KfAcquireSpinLock] 08458903 IAT \SystemRoot\System32\Drivers\abdthf6e.SYS[HAL.dll!KfReleaseSpinLock] 75FF016A IAT \SystemRoot\System32\Drivers\abdthf6e.SYS[HAL.dll!KfRaiseIrql] B0878DFC IAT \SystemRoot\System32\Drivers\abdthf6e.SYS[HAL.dll!KfLowerIrql] FF00000F IAT \SystemRoot\System32\Drivers\abdthf6e.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 6A0C55FF ---- User IAT/EAT - GMER 1.0.15 ---- IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!OutputDebugStringW] [01860282] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\SceneWindow.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] [01911C2B] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] [01911C3A] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] [01911C2B] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] [01911C3A] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OutputDebugStringW] [01860282] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\SceneWindow.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] [01911C2B] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] [01911C3A] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] [01911C3A] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] [01911C2B] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!OutputDebugStringA] [0186025E] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\SceneWindow.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!OutputDebugStringW] [01860282] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\SceneWindow.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OutputDebugStringW] [01860282] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\SceneWindow.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OutputDebugStringA] [0186025E] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\SceneWindow.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] [01911C2B] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\MemoryHook.dll IAT D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\IMVUClient.exe[788] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!OutputDebugStringA] [0186025E] D:\Documents and Settings\Gold\Dane aplikacji\IMVUClient\SceneWindow.dll ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A7081E8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\usbuhci \Device\USBPDO-0 8A45E1E8 Device \Driver\usbuhci \Device\USBPDO-1 8A45E1E8 Device \Driver\usbuhci \Device\USBPDO-2 8A45E1E8 Device \Driver\usbehci \Device\USBPDO-3 8A4391E8 Device \Driver\PCI_PNP1566 \Device\00000054 sptd.sys Device \Driver\PCI_PNP1566 \Device\00000054 sptd.sys Device \Driver\usbuhci \Device\USBPDO-4 8A45E1E8 Device \Driver\PCI_PNP1566 \Device\00000055 sptd.sys Device \Driver\PCI_PNP1566 \Device\00000055 sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{ACB75F31-9F56-444E-8821-DDD907108AD6} 890EC1E8 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) Device \Driver\usbuhci \Device\USBPDO-5 8A45E1E8 Device \Driver\prodrv06 \Device\ProDrv06 E1CED230 Device \Driver\usbuhci \Device\USBPDO-6 8A45E1E8 Device \Driver\usbehci \Device\USBPDO-7 8A4391E8 Device \Driver\Cdrom \Device\CdRom0 8A3881E8 Device \Driver\atapi \Device\Ide\IdePort0 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort3 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort4 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort5 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-9 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-9 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [B7E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Cdrom \Device\CdRom1 8A3881E8 Device \Driver\Cdrom \Device\CdRom2 8A3881E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8C39CE47-8EA4-45B2-A0E2-7D3D5B43CF90} 890EC1E8 Device \Driver\Cdrom \Device\CdRom3 8A3881E8 Device \Driver\prohlp02 \Device\ProHlp02 E101FE20 Device \Driver\NetBT \Device\NetBt_Wins_Export 890EC1E8 Device \Driver\NetBT \Device\NetbiosSmb 890EC1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{F94475DD-EECE-4EBA-BF29-FAFF68C700D6} 890EC1E8 Device \Driver\usbuhci \Device\USBFDO-0 8A45E1E8 Device \Driver\usbuhci \Device\USBFDO-1 8A45E1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890E21E8 Device \Driver\usbuhci \Device\USBFDO-2 8A45E1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 890E21E8 Device \Driver\usbehci \Device\USBFDO-3 8A4391E8 Device \Driver\usbuhci \Device\USBFDO-4 8A45E1E8 Device \Driver\usbuhci \Device\USBFDO-5 8A45E1E8 Device \Driver\usbuhci \Device\USBFDO-6 8A45E1E8 Device \Driver\usbehci \Device\USBFDO-7 8A4391E8 Device \Driver\abdthf6e \Device\Scsi\abdthf6e1Port6Path0Target1Lun0 8A3641E8 Device \Driver\ae4sm7i7 \Device\Scsi\ae4sm7i71 8A3681E8 Device \Driver\abdthf6e \Device\Scsi\abdthf6e1Port6Path0Target0Lun0 8A3641E8 Device \Driver\abdthf6e \Device\Scsi\abdthf6e1 8A3641E8 Device \Driver\ae4sm7i7 \Device\Scsi\ae4sm7i71Port7Path0Target0Lun0 8A3681E8 Device \FileSystem\Cdfs \Cdfs 89E49430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x83 0x5C 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x05 0x63 0xE9 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x03 0x9E 0x7C 0x61 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x76 0x8F 0xF8 0x82 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x5A 0xA8 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0x3D 0x74 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x59 0xD7 0x89 0x17 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x83 0x5C 0xA8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x05 0x63 0xE9 0x88 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x03 0x9E 0x7C 0x61 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x76 0x8F 0xF8 0x82 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x5A 0xA8 0x63 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0x3D 0x74 0x63 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x59 0xD7 0x89 0x17 ... ---- EOF - GMER 1.0.15 ----